Over 1 million WordPress websites at risk from SQL injection

  • 25 February 2015

Summary: A critical security flaw in a plugin called WP-Slimstat is to blame.
By Charlie Osborne for Zero Day | February 25, 2015
 


 
Over one million websites running the WordPress content management system are potentially at risk of being hijacked due to a critical vulnerability exposed in the WP-Slimstat plugin.
 
On Tuesday, a security advisory posted by researcher Marc-Alexandre Montpas from security firm Sucuri said the "very high risk" vulnerability found in versions of WP-Slimstat 3.9.5 and lower could lead to cyberattackers being able to break the plugin's "secret" key, perform an SQL injection and take over a target website.
 
The security bug is found in all versions of the analytics plugin except the latest 3.6 version.
 

1 reply

By Ionut Ilascu    25 Feb 2015
 

New release is currently available

A new version of WP-Slimstat has been released (3.9.6) to eliminate the vulnerability. It tightens SQL queries and makes the encryption key more difficult to guess.

Users are advised to switch to the new build and have been given instructions on how to make sure that the tracking code relies on the latest improvements.
 